<?php //allow users to uload files to the server
 $page_title='Upload a File';

 if (isset($_POST['submitted'])) {
	require_once('util.php');
	require_once('dbconnect.php');
	$filename='upload';
	
	if (isset($_FILES[$filename]) && ($_FILES[$filename]['error'] != 4)) {
		
		$query="INSERT INTO uploads(file_name, file_size, file_type, description) 
			VALUES('{$_FILES[$filename]['name']}',{$_FILES[$filename]['size']},'{$_FILES[$filename]['type']}','{$_POST['description']}')";
		$result=mysql_query($query);
		
		if ($result) {
			$upload_id = mysql_insert_id();
			
			$name = iconv('UTF-8', 'GBK', $_FILES[$filename]['name']);
			if (move_uploaded_file($_FILES[$filename]['tmp_name'], "./uploads/$upload_id-$name")){
				alert_and_redirect('文件上传成功', 'view_files.php');
			} else {
				$query="DELETE FROM uploads WHERE upload_id=$upload_id";
				$result=mysql_query($query);
				
				alert_and_redirect('文件上传失败', 'view_files.php');
			}
		} else {
			echo '<p><font color="red">Your submission could not be proccessed due to a system error. We
			apologize for any inconvenience.</font></p>';
		}
	}
	else {
		alert_and_redirect('请选择有效文件', 'view_files.php');
	}
	
	mysql_close();
} 
?>